TECHNICAL PUBLICATIONS:

Ad hoc guesting: when exceptions are the rule

Usability, Psychology and Security (UPSEC) 2008

We explore how people's work practices affect the security and privacy of information access and sharing. An ethnographic study finds that people frequently need transient access control, and circumvent security policies so that they can work productively—for example, storing and transporting files on insecure USB drives or sending files by email.

Paradoxically, stricter security policies often lead to more insecure practices. We present requirements for security systems that would let people do what they need more easily, including what we term ad hoc guesting. We outline an example of a simple-to-use but secure system for managing data on USB drives.